package cn.lyjuan.dwz_manage.core.config;

import cn.lyjuan.dwz_manage.core.base.pojo.ActionPojo;
import cn.lyjuan.dwz_manage.core.java.cst.DwzManageCst;
import cn.lyjuan.dwz_manage.core.java.mapper.IMgActionMapper;
import cn.lyjuan.dwz_manage.core.java.mapper.IMgManageMapper;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;

import java.util.List;

/**
 * Created by chad on 2016/8/23.
 */
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter
{
    @Autowired
    private DwzManageCst dwzManageCst;

    @Autowired
    private IMgActionMapper actionMapper;

    @Autowired
    private IMgManageMapper manageMapper;
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception
    {
        // 自定义用户及权限服务
        auth.userDetailsService(new UserDetailsServiceImpl(manageMapper));
    }

    @Override
    public void configure(WebSecurity web) throws Exception
    {
        // 登陆页都可以访问
//        web.ignoring().antMatchers("/images/**", "/css/**", "/js/**", "/404.html", "/500.html");
        // 如果不加这个，进入登陆页面时，会经过Security跳转，不能带参数
        web.ignoring().antMatchers("/login/login" + dwzManageCst.getHttpSuffix());
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception
    {
        ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry
                registry
                = http.csrf().disable()
            .formLogin()
                .loginPage("/login/login" + dwzManageCst.getHttpSuffix())
                .successForwardUrl("/toindex" + dwzManageCst.getHttpSuffix())
                .loginProcessingUrl("/login/submit" + dwzManageCst.getHttpSuffix())
                .failureUrl("/login/login" + dwzManageCst.getHttpSuffix() + "?isMismatchLogin=true")
                .permitAll()
            .and()
            .logout()
                .logoutUrl("/login/logout" + dwzManageCst.getHttpSuffix())
                .logoutSuccessUrl("/login/login" + dwzManageCst.getHttpSuffix())
                .permitAll()
            .and()
            .authorizeRequests()
                //1. 能找到匹配的URL时，不使用anyRequest
//                .antMatchers("/test/test.mg").hasAuthority("test_test")
//                .anyRequest().hasAuthority(UserDetailsServiceImpl.SUPPER_ADMIN)
                //2. 同样的URL匹配规则时，后面的会覆盖前面的
//                .antMatchers("/test/test.mg").hasAuthority("test/test")
//                .antMatchers("/test/test.mg").hasAuthority(UserDetailsServiceImpl.SUPPER_ADMIN)
        ;

        // 查询所有非来宾请求
        List<ActionPojo> list = actionMapper.selectForNotGuest(dwzManageCst.getGuestName());

        if (null != list && !list.isEmpty())
        {
            for (ActionPojo a : list)// 后缀为 自定义配置的
            {
                registry.antMatchers("/" + a.getActionurl() + dwzManageCst.getHttpSuffix())
                        .hasAuthority(a.getActionurl());
            }
        }

        // 来宾请求
        list = actionMapper.selectForGuest(dwzManageCst.getGuestName());
        if (null != list && !list.isEmpty())
        {
            for (ActionPojo a : list)// 后缀为 自定义配置的
            {
                registry.antMatchers("/" + a.getActionurl() + dwzManageCst.getHttpSuffix())
                        .permitAll();
            }
        }

        // 剩余的请求拒绝
        registry.anyRequest().denyAll();
    }
}
